
Beware of new AI scam targeting Gmail users: Fake account recovery requests on the rise

The Gmail scam starts with an unexpected notification that asks users to approve an account recovery request they never initiated. These requests mostly come from different countries. Here are ways to stay protected.


A new AI-driven scam is targeting Gmail users, tricking them into approving fraudulent account recovery requests. The scam aims to steal sensitive information, leveraging fake phone calls and spoofed emails. Tech blogger Sam Mitrovic recently shared his firsthand experience, shedding light on how this deceptive scam works and what users can do to stay safe.

How the scam operates

The scam starts with an unexpected notification, asking users to approve a Gmail account recovery request that they never initiated. These requests often come from different countries, with Mitrovic’s case originating from the United States. Declining the request might seem like the end of it, but around 40 minutes later, the scammers often make a second attempt through a phone call that appears to be from an official Google number.

The phone call is highly convincing, with a professional-sounding caller claiming that there is suspicious activity on the user’s Gmail account. They may ask if the user has logged in from a foreign location, increasing the sense of urgency. The scammer's number might appear to be from a legitimate Google office, adding to the scam's credibility.


Fake emails and recovery requests

Once the scammer gains the user's attention, they claim that sensitive data has been downloaded from the account. To reinforce their claim, they send an email that looks like it’s from Google but is a spoofed message. The objective is to manipulate the victim into approving the fraudulent account recovery request, which would grant the scammers full access to the Gmail account.

How to protect yourself from the scam

Sam Mitrovic emphasizes the importance of awareness and caution in avoiding this scam. Here are some safety tips for Gmail users:

  1. Do not approve unknown recovery requests: If you receive a recovery notification that you did not initiate, do not approve it. This could be the first indication that scammers are targeting your account.
  2. Verify suspicious phone calls: Google rarely calls users directly unless they use Google Business services. If you receive a call claiming to be from Google, hang up and verify the number before responding.
  3. Examine email addresses carefully: Spoofed emails can look legitimate, but small details like the domain name or “To” field can expose fraud.
  4. Review security settings regularly: Check your Gmail account’s security settings for any unfamiliar logins. Navigate to the “Security” tab in your account settings to review recent activity.
  5. Inspect email headers: For tech-savvy users, reviewing the original email headers can help identify whether an email was genuinely sent from Google servers.
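The header and "To" field checks from the tips above can be scripted. The following is an added example, not code from the article or from Sam Mitrovic; the sample messages, the server name mx.example.net and the function names are constructed, and it assumes your mail provider records an Authentication-Results header on delivery.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail), as seen via "Show original".
SPOOFED = """\
Authentication-Results: mx.example.net;
 dkim=pass header.d=mailer-example.test;
 dmarc=fail header.from=google.com
From: Google Support <no-reply@google.com>
To: someone-else@example.org
"""
GENUINE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.d=accounts.google.com;
 dmarc=pass header.from=accounts.google.com
From: Google <no-reply@accounts.google.com>
To: user@example.org
"""

def under(domain, parent):
    """True if domain is parent itself or one of its subdomains."""
    return domain == parent or domain.endswith("." + parent)

def header_findings(raw, recipient, expected="google.com"):
    """Return warning strings; an empty list means no red flags were found."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    # Trust only the topmost Authentication-Results header: it is stamped by
    # your own provider, while lower copies can be written by the sender.
    top = (msg.get_all("Authentication-Results") or [""])[0]
    ar = " ".join(top.split()).lower()  # unfold continuation lines
    verdict = dict(re.findall(r"\b(dkim|dmarc)=(\w+)", ar))
    match = re.search(r"header\.d=([\w.-]+)", ar)
    signer = match.group(1) if match else ""

    findings = []
    if not under(from_dom, expected):
        findings.append(f"From domain {from_dom!r} is not {expected}")
    if verdict.get("dmarc") != "pass":
        findings.append(f"DMARC result is {verdict.get('dmarc', 'missing')}")
    if verdict.get("dkim") != "pass" or not under(signer, expected):
        findings.append(f"no passing DKIM signature from {expected} (signer: {signer or 'none'})")
    if to_addr != recipient.lower():
        findings.append(f"To field {to_addr!r} is not your address")
    return findings
```

The spoofed sample shows a Google address in From, yet it fails DMARC, is signed by an unrelated domain, and is addressed to someone else.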

Stay vigilant to avoid becoming a victim

By staying alert and following these precautions, Gmail users can safeguard themselves against this growing AI-based scam. The key is to remain cautious and verify any unusual activity associated with your account before taking action.
